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(54) Distributed system and method of operation 
device 



for validation of a wireless communication 



(57) The present invention is directed to a distrib- 
uted system lor the authentication of a wireless commu- 
nication device by creating a hierarchical system using 
different regions and groups of regions. If a wireless 
communication occurs within one region, a routine data 
storage area determines whether reference data is 
locally available to compare with data captured from the 
unauthenticated wireless communication device. If the 
reference data is not available, a routing processor 
passes at least a portion of the data to a higher level in 
a hierarchical system until the location of the reference 
data can be determined. The captured data and/or the 
reference data are passed to a common location for 
analysis in a conventional manner In one embodiment, 
the common location is the region in which the refer- 
ence data is stored. The captured data is transmitted to 
the location where the reference data is stored to permit 
signature analysis at that location. The results of the 
analysis are passed back to the region in which the 
unauthenticated wireless communication device is 
presently located. Alternatively, the region in which the 
data is stored may transmit the reference data to the 
location where the captured data has been acquired. If 
the wireless communication device has been identified 
as an authorized communication device, the communi- 
cation can be processed. If the wireless communication 
device has been identified as a fraudulent device, the 
communication may be interrupted or redirected to a 



fraud intercept location. The technique also provides for 
the automatic update of routing data storage areas so 
that a change in one routing data storage area will be 
automatically passed through the remaining necessary 
portions of the system. 
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Description 
TECHNICAL FIELD 

The present invention relates generally to wireless 
telephone operation, and. more particularly, to a distrib- 
uted system and method of operation for the validation 
of a wireless communication device. 

BACKGROUND OF THE INVENTION 

In a communications network, it is often desirable to 
identify and distinguish one transmitter from other trans- 
mitters operating within the network. For example, in the 
radio telephone industry, a cellular telephone system 
utilizes an electronic serial number (ESN) and a mobile 
telephone identification number (MIN) to provide a 
unique identification for each transmitter. When an indi- 
vidual subscriber or other authorized user of a particular 
cellular telephone wishes to place a phone call, he dials 
in a telephone number and presses the "Send" button. 
In response, his cellular telephone transmits its ESN 
and MIN to the cellular network so the individual sub- 
scriber can be charged for the telephone call. 

Unfortunately, unscrupulous individuals illegally 
operate cellular telephones by counterfeiting the ESN 
and MIN of a valid subscriber's telephone in order to 
obtain illegal access to the cellular network without pay- 
ing for the service. The ESN and MIN of a cellular tele- 
phone can be obtained by a counterfeiter electronically 
monitoring the initial transmission of the telephone, and 
then programming the detected ESN and MIN into 
another telephone for illegal use. Thus, the mere trans- 
mission of the authentic ESN and MIN is by itself inade- 
quate to protect a cellular telephone system from 
misuse by counterfeiters. When a cellular telephone ini- 
tiates a call, it transmits its ESN and MIN as an identifi- 
cation. While the cellular telephone is identified by its 
ESN and MIN, it cannot be considered as an authorized 
cellular telephone because it is not known whether the 
ESN and MIN have been transmitted by the authorized 
cellular telephone or a fraudulent cellular telephone. For 
purposes of the present description a cellular telephone 
identified on the basis of the transmitted ESN and MIN 
is designated as an unauthenticated cellular telephone 
until it is determined to be an authorized cellular tele- 
phone or a fraudulent cellular telephone. 

In an effort to provide additional security, some cel- 
lular systems and other wireless services, authenticate 
mobile units based on the radio frequency (RF) trans- 
mission of data by the mobile unit during a call set-up 
process. Rather than identify the mobile unit by its ESN 
and MIN alone, the system also identifies a cellular tel- 
ephone by its transmission characteristics. In this man- 
ner, the cellular system operator can reject calls from 
illegitimate cellular telephones even when those cellular 
telephones transmit valid ESN and MIN numbers. For 
example, in U.S. Patent No. 5,005,210 issued to Ferrell 



on April 2, 1991 ("the Ferrell patent"), a signature anal- 
ysis system is described that analyzes certain transmit- 
ter characteristics in an effort to identify the transmitter 
type. The system in the Ferrell patent analyzes the man- 

5 ner in which the modulator makes a transition to the 
designated carrier frequency. This transient response is 
used to identify the type of transmitter. 

While the Ferrell patent describes one class of 
transmission characteristics that can be used to identify 

10 a particular transmitter, other transmission characteris- 
tics are also known in the art. For example, U.S. Patent 
No. 5,420,910 issued to Rudokas et al. on May 30, 1995 
("the Rudokas patent"), describes an identifier, such as 
a radio frequency signature, that can be used to posi- 

15 tively identify a valid cellular telephone or a known 
fraudulent telephone. Other types of signature authenti- 
cation systems are also known in the art and need not 
be described herein. These transmission characteris- 
tics, from whatever source they are derived, can be 

20 processed in different manners to create a "fingerprint" 
of the individual transmitter. The analogy with finger- 
prints is used because each transmitter fingerprint is 
believed to be completely unique. The transmitter fin- 
gerprint can be used to determine whether the trans- 

25 mission characteristics of the unauthenticated 
transmitter match the stored fingerprint of the author- 
ized transmitter corresponding to the transmitted ESN 
and MIN. In such manner, the fingerprint is used with 
cellular telephone calls to authenticate the cellular tele- 

30 phone. 

Fingerprint authentication systems all require at 
least one transmission characteristic waveform, known 
to be generated by the authentic cellular telephone, to 
be used as a reference waveform for the fingerprint 
35 authentication system. Some systems may rely on more 
than one reference waveforms to generate the finger- 
print. 

The advantage of analyzing the transmission char- 
acteristic of the unauthenticated transmitter is that it 

40 does not rely on data such as the ESN and MIN to verify 
the authenticity of the cellular telephone. A disadvan- 
tage of such identification techniques is that identifica- 
tion of an unauthenticated transmitter is only possible 
when reference waveforms for the authentic cellular tel- 

45 ephone are available to the signature analysis system. If 
the user only operates the cellular telephone in one 
geographic region, signature analysis techniques are 
effective to prevent fraudulent misuse of the ESN and 
MIN. However, cellular telephones are often used in a 

so "roaming" mode in which the user operates the cellular 
telephone outside his home geographic region. Under 
these circumstances, the reference waveforms are una- 
vailable to the signature analysis system in areas out- 
side the users home geographic region. Thus, 

55 signature analysis techniques are ineffective when the 
user is roaming in an area outside his home geographic 
region. Therefore, it can be appreciated that there is a 
significant need for a system for analyzing transmission 
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characteristics that will allow the use of fingerprints 
even when roaming. The present invention provides this 
and other advantages as will be illustrated by the follow- 
ing description and accompanying figures. 

SUMMARY OF THE INVENTION 



The present invention is embodied in a system and 
method for the validation of wireless communication 
using a customer wireless telephone and a wireless tel- 
ephone system. The system includes a plurality of 
authentication processors, each serving a separate 
geographic area and having a data collection element to 
acquire authentication data from an unauthenticated 
wireless telephone. A particular one of the plurality of 
authentication processors acquires authentication data 
from an unauthenticated wireless telephone during a 
present communication with the unauthenticated wire- 
less telephone in the geographic area served by the 
particular processor. The system also includes a stor- 
age area in a location apart from the particular proces- 
sor containing reference data associated with a 
customer wireless telephone. An analysis unit analyzes 
the acquired authentication data with respect to the 
stored reference data associated with the customer 
wireless telephone. The analysis unit determines if the 
unauthenticated wireless telephone is the customer • 
wireless telephone or a fraudulent wireless telephone. 
The analysis unit generates a response indicator to indi- 
cate that the analysis unit has determined the unau- 
thenticated wireless telephone to be one of the 
customer wireless telephone and a fraudulent wireless 
telephone. A communications processor controls com- 
munications between the particular processor, the stor- 
age area, and the analysis unit. 

In one embodiment, the particular processor may 
generate an interdiction indicator to a cell site controller 
to indicate that the present communication is invalid if 
the response indicator indicates that the unauthenti- 
cated wireless telephone has been determined to be a 
fraudulent wireless telephone. Alternatively, the particu- 
lar processor can generate an authorization signal to a 
cell site controller to indicate that the present communi- 
cation is valid if the response indicator indicates that the 
unauthenticated wireless telephone has been deter- 
mined to be the authorized wireless telephone. 

The analysis unit may be part of the particular proc- 
essor acquiring the authentication data or a portion of a 
second one of the plurality of authentication processors 
serving a separate geographic area from the particular 
processor. When the analysis unit is a portion of the 
particular processor acquiring the authentication data 
and the storage area is a portion of a second one of the 
plurality of authentication processors, the communica- 
tions processor routes stored reference data from the 
second one of the plurality of authentication processors 
to the analysis unit in the particular processor to permit 
the analysis of the acquired authentication data with 



respect to the stored reference data in the particular 
processor. When the analysis unit and storage area are 
portions of a second one of the plurality of authentica- 
tion processors, the communications processor routes 
5 the acquired authentication data from the particular 
processor to the analysis unit in the second one of the 
plurality of authentication processors to permit the anal- 
ysis of the acquired authentication data with respect to 
the stored reference data in the second one of the plu- 
w rality of authentication processors. In this situation, the 
communications processor may also route the 
response indicator from the second one of the plurality 
of authentication processors to the particular processor. 
In an exemplary embodiment, the communications 
is processor routes the acquired authentication data or the 
stored reference data to the analysis unit during the 
present communication to permit the analysis unit to 
perform the analysis of the acquired authentication data 
with respect to the stored reference data during the 
20 present communication. In an alternative embodiment, 
the communications processor routes stored reference 
data from the storage area to the analysis unit at a time 
prior to the present communication and the analysis unit 
performs the analysis of the acquired authentication 
25 data with respect to the stored reference data during the 
present communication. 

The analysis unit may perform additional analysis 
on the acquired authentication data to determine 
whether it should be included as a portion of the stored 
30 reference data. During a subsequent communication, 
the authentication data acquired by the data collection 
element during the subsequent communication is ana- 
lyzed with respect to the stored data, including the por- 
tion of data included by the analysis unit as a portion of 
35 the stored reference data. 

In a system wherein the wireless communication 
device transmits identification data, the storage-area is 
associated with one of the plurality of authentication 
processors. In this embodiment, the system also 
40 includes a routing processor associated with each of the 
plurality of authentication processors to determine with 
which of the plurality of authentication processors the 
storage area is associated. Each routing processor 
includes a routing data storage area to store routing 
45 data in association with the identification data of the 
wireless communication device. The routing processor 
accesses the corresponding routing storage area for the 
routing data associated with the identification data ol 
the wireless communication device. The system can 
so also include means within one of the routing processors 
for altering the routing data in the corresponding routing 
data storage area. If the routing data has been altered, 
the one routing processor generates an alteration signal 
to indicate alteration of the routing data in the corre- 
55 sponding routing data storage area. The system may 
further include alteration detection means within a sec- 
ond one of the routing processors to detect the altera- 
tion signal. The second routing processor alters the 
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routing data in the corresponding routing data storage 
area so that it matches the altered routing data in the 
routing data storage area corresponding to the one rout- 
ing processor. This technique permits the automatic 
updating of routing data contained within routing data 5 
storage areas. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a functional block diagram of a known 10 
signature analysis system wherein an authentication 
processor is co-located with a receiver receiving trans- 
mission characteristics from an unauthenticated wire- 
less transmitter. 

Figure 2 illustrates the use of the authentication 15 
processor of Figure 1 to analyze captured transmission 
characteristics from a plurality of receivers within a sin- 
gle region. 

Figure 3A is a functional block diagram of the sys- 
tem of the present invention using a distributed authen- 20 
tication system. 

Figure 3B is a functional block diagram of an alter- 
native embodiment of the system of the present inven- 
tion using an authentication system. 

Figure 4 is a functional block diagram of the system 25 
of Figure 3 illustrating details of two geographic regions 
of the distributed authentication processing system of 
the present invention. 

Figure 5 illustrates the operation and data process- 
ing steps performed by the system of Figure 4. 30 

Figure 6 is a functional block diagram of a routing 
processor to update routing data for the distributed 
authentication system of Figure 3. 

DETAILED DESCRIPTION OF THE INVENTION 35 

The operation of wireless telephone systems is 
well-known, and will only be discussed briefly herein as 
related to signature analysis. Although the discussion 
that follows is directed to cellular telephones, it should 40 
be clearly understood that the invention can be used 
with wireless telephone devices that may transmit voice, 
such as cellular telephones, or data, such as data 
modems. The term telephone as used herein is 
intended to include devices for wireless voice and data 45 
communication. A conventional authentication proces- 
sor 2 is illustrated in Figure 1. A cell site controller 4 
includes an antenna 6, which is coupled to a receiver 8. 
For the sake of brevity, other conventional cell site com- 
ponents, such as a transmitter, are omitted from this dis- so 
cussion. A radio frequency signal from a cellular 
telephone 10 is received by the antenna 6 and receiver 
8, typically in the 800 megahertz (MHz) frequency 
range. A demodulator 12 demodulates the radio fre- 
quency signal. Many known signature analysis systems 55 
analyze certain characteristic waveforms in the output 
of the demodulator 12 to determine whether the cellular 
telephone 10, which is presently unauthenticated, is an 
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authorized cellular telephone or a fraudulent cellular tel- 
ephone. The cell site controller 4 verifies the authentic- 
ity of the ESN and MIN transmitted by the cellular 
telephone at the beginning of a cellular telephone call. 

The authentication processor 2 illustrated in Figure 
1 is typically installed at the location of and communi- 
cates with the cell site controller 4. The authentication 
processor 2 includes a CPU 13 that processes the data 
from the demodulator 10. Many of the processes 
described with respect to Figure 1 are performed by the 
CPU 13 using conventional programming techniques. 
The programming techniques are well within the knowl- 
edge of those of ordinary skill in the art of computer pro- 
gramming and need not be described in detail herein. 

The authentication processor 2 also includes a 
memory 14, which may include both random access 
memory (RAM) and read-only memory (ROM). A signa- 
ture analyzer 16 performs a signature analysis of trans- 
mission characteristics of the transmitter in the 
unauthenticated cellular telephone 10. Some signature 
analysis techniques have been described in the Back- 
ground of the Invention section herein and will work sat- 
isfactorily in the authentication processor 2. One 
example of a signature analysis technique is described 
in U.S. Patent Application No. 08/611,429, entitled 
"Adaptive Waveform Matching For Use In Transmitter 
Identification," filed on March 6, 1996, which is incorpo- 
rated herein by reference in its entirety. That system 
performs a real-time analysis of the captured transmis- 
sion characteristics From the unauthenticated cellular 
telephone 10 and compares the captured transmission 
characteristics with stored reference waveforms. 

A decision engine 18 uses the results of the signa- 
ture analyzer 1 6, as well as other forms of data to deter- 
mine whether the present call from the unauthenticated 
cellular telephone 10 is valid or invalid. A valid call is a 
call from an authorized cellular telephone (that corre- 
sponds to the ESN and MIN transmitted by the tele- 
phone), while an invalid call is one from a fraudulent 
cellular telephone. The signature analyzer 16 and deci- 
sion engine 18 together form an analysis unit 20. If the 
present call from the unauthenticated cellular telephone 
10 is determined by the decision engine 18 to be an 
invalid call from a fraudulent cellular telephone, the 
analysis unit 20 generates a system output signal 22 to 
indicate to the cell site controller 4 that the present call 
is invalid. The cell site controller 4 may terminate the 
invalid call or connect the invalid call to an alternative 
telephone _numb.er designated to receive interdicted 
fraudulent telephone calls. If the decision engine 18 
determines that the present call is a valid call from the 
authorized cellular telephone, the system output 22 indi- 
cates to the cell site controller 4 that the present call can 
be processed. Alternatively, the analysis unit 20 may 
generate no output when the present call is determined 
to be valid, which simply allows processing of the 
present call to go on unimpeded. In this embodiment, 
the cell site controller 4 processes all calls unless it 
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receives an interdiction message from the system out- 
put 22 of the analysis unit 20. 

The signature analyzer 16 analyzes the captured 
transmission characteristics from the unauthenticated 
cellular telephone and compares those transmission 
characteristics with stored reference waveforms that are 
known to be from the authorized cellular telephone. The 
authentication processor 2 typically uses the transmit- 
ted ESN and/or MIN as an index to a fingerprint storage 
area 24. The fingerprint storage area 24 stores the ref- 
erence waveforms that are associated with the author- 
ized cellular telephone. The signature analyzer 16 
compares the captured transmission characteristics 
from the unauthenticated cellular telephone 10 with the 
previously processed and stored reference waveforms 
corresponding to the ESN/MIN transmitted from the 
unauthenticated cellular telephone. The results of the 
signature analyzer 16 can be used as an input to the 
decision engine 18. The decision engine 18 may also 
use other forms of data input to determine whether the 
unauthenticated cellular telephone 10 is likely the 
authorized cellular telephone or a fraudulent cellular tel- 
ephone. Some forms of the decision engine are known 
in the art, such as those described in the previously ref- 
erenced U.S. Patents, such as the Rudokas patent. 
Another form of the decision engine 18 is described in 
copending U.S. Patent Application No. (Express Mail 
No. EM330171925US/Attorney Docket No. 
200097.403), entitled "System And Method For Detec- 
tion Of Fraud In A Wireless Telephone System," filed on 
February 28, 1997, which is incorporated herein by ref- 
erence in its entirety. In that application, the decision 
engine 18 accepts data inputs, such as customer call 
profile, known valid destination telephone numbers, 
known fraudulent destination telephone numbers, and 
the like and combines these various inputs to generate 
the system output 22. In one embodiment, the decision 
engine 18 may be a fuzzy logic classifier that combines 
the various data inputs to generate the system output. 

The fingerprint storage area 24 may contain refer- 
ence waveforms used by the signature analyzer 16 as 
well as other forms of data used by the decision engine 
18, as described above. Figure 1 illustrates the opera- 
tion of the authentication processor 2 operating in con- 
junction with the cell site controller 4. However, in some 
applications, the authentication processor 2 may serve 
multiple cell site controllers. This is illustrated in Figure 
2 where a conventional regional authentication proces- 
sor 2a serves a plurality of cell site controllers 4. Each 
cell site controller 4 controls communications with cellu- 
lar telephones within a corresponding cell 4a, which are 
illustrated in Figure 2 as roughly circular, overlapping 
geographical regions. However, those skilled in the art 
will recognize that the cells 4a may be of varying size 
and shape. The present invention, which will be 
described below, is not limited by the specific geograph- 
ical configuration of the cells. Each cell site controller 4 
captures transmission characteristics from unauthenti- 



cated cellular telephones and transmits the captured 
transmission characteristics as well as the ESN/MIN to 
the regional authentication processor 2a. The regional 
authentication processor 2a includes the analysis unit 
5 20 (i.e., the signature analyzer 16 and the decision 
engine 18). and the fingerprint storage area 24. The 
regional authentication processor 2a determines the 
validity of cellular calls from all of the cells 4a and trans- 
mits the system output 24 back to each of the respective 
70 cell site controllers 4. 

The advantage of the conventional system illus- 
trated in Figure 2 is that only a single fingerprint data- 
base is used within a particular region. A region, as 
used herein, refers to a market as defined by the Fed- 
15 eral Communications Commission. A region or market 
is typically a geographic region that is served by at least 
two cellular service providers. The region can be 
defined by a set of MINs. For example, the area codes 
206 and 360 cover the western Washington geographic 
20 region. A region or market may be defined by one or 
more area codes. For example, a geographic region 
may be defined as a single area code, such as 206, or 
as multiple area codes, such as 206 and 360. It should 
be noted that area codes are referred to in the teleph- 
25 ony industry as a number plan area (NPA). Therefore, a 
region or market may be defined by one or more NPAs. 
The telephone exchange portion of a telephone 
number, designated by the telephony industry as NXX, 
may also be used to define a region or market. Thus, a 
30 region or market can be a selected list or range of NXXs 
for a particular NPA. 

The fingerprint storage area 24 (see Figure 1) of 
the regional authentication processor 2a For the partic- 
ular region contains reference waveforms and other ref- 
35 erence data for all cellular telephones whose MIN 
corresponds to the particular region. However, if a cellu- 
lar telephone from a different region is operated within 
the region for the regional authentication processor 2a 
in a "Roam" mode, it is, by definition, operating outside 
40 its normal region. For example, if the regional authenti- 
cation processor 2a is used to authorize cellular tele- 
phone calls within the 206 area code, the fingerprint 
storage area 24 (see Figure 1 ) will not contain data for a 
cellular telephone whose MIN corresponds to a different 
45 area code. Thus, a person traveling from the northern 
Virginia area, having a MIN with an area code of 703, 
will not have reference data stored within the fingerprint 
storage area 24 of the regional authentication processor 
2a. Under these circumstances, the regional authenti- 
50 cation processor 2a cannot analyze the captured trans- 
mission characteristics of the unauthenticated cellular 
telephone from the 703 area code. The cellular service 
provider may address this problem by either processing 
all Roaming calls, or intercepting all Roaming calls to 
55 get additional information from the user. The former 
approach may result in numerous fraudulent cellular tel- 
ephone calls being processed by the cellular service 
provider while the latter approach results in great incon- 
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venience and frustration to the user. 

The present invention provides a technique for 
sharing of fingerprint data and distributed analysis for 
cellular telephones operating in the Roam mode. The 
present invention is embodied in a system 1 00, shown 5 
in the functional block diagram of Figure 3A. A regional 
authentication processor 2a operates in a conventional 
manner, such as described above with respect to Fig- 
ures 1 and 2, when the present call from an unauthenti- 
cated cellular telephone has a MIN corresponding to w 
that region (see Figure 1). That is, a region 1 authenti- 
cation processor 2a includes the analysis unit 20 (see 
Figure 1) (containing the signature analyzer 16 and 
decision engine 18), and the fingerprint storage area 
24. The fingerprint storage area 24 for the region 1 15 
authentication processor 2a contains fingerprint data 
associated with the cellular telephones whose MINs 
correspond to region 1. Each of the other regional 
authentication processors 2a contain identical compo- 
nents and operate in an identical manner for cellular tel- 20 
ephones whose MINs correspond to their respective 
regions. 

If a cellular telephone call originates in one region, 
but has an MIN corresponding to a different region (i.e., 
it is a Roaming call), the regional authentication proces- 25 
sor 2a processing the telephone call will not have the 
fingerprint data associated with the authorized cellular 
telephone. In that event, a communications processor 
101 controls communications between the regional 
authentication processor 2a for the region in which the 30 
call is originating and the regional authentication proc- 
essor 2a for the remotely located region corresponding 
to the MIN. The communications processor 101 is cou- 
pled to the various regional authentication processors 
2a by a plurality of communication lines 102. 35 

As will be discussed in greater detail below, the sys- 
tem 100 permits the analysis of data by the analysis unit 
20 in the regional authentication processor 2a in which 
the present call originated or by the analysis unit in the 
regional authentication processor whose fingerprint 40 
storage area 24 contains the fingerprint data associated 
with the authorized cellular telephone. 

In one embodiment, the regional authentication 
processor 2a of the region where the call originates 
transfers the captured transmission characteristics and 45 
other data to the analysis unit 20 for the remotely 
located region where the fingerprint data is stored for 
analysis by the analysis unit 20 at a location remote 
from the originating regional processor. For example, if 
the present call from the unauthenticated cellular tele- 50 
phone call occurs in region 1, the region 1 authentica- 
tion processor 2a captures the transmission 
characteristics and other data from the unauthenticated 
cellular telephone. The region 1 authentication proces- 
sor 2a transfers the captured transmission characteris- 55 
tics and other data via the communications processor 
101 to the analysis unit 20 in the region in which the fin- 
gerprint data is stored, for example in region 2. The 
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analysis unit 20 of region 2 accesses the fingerprint 
storage area 24 for region 2 and performs the analysis 
of the captured transmission characteristics and other 
data with respect to the stored fingerprint in a known 
manner. The region 2 analysis unit 20 determines 
whether the present call is a valid call from the author- 
ized cellular telephone or an invalid call from a fraudu- 
lent cellular telephone. The region 2 analysis unit 20 
transmits the results of the analysis back to the region 1 
authentication processor 2a via the communications 
processor 101 and communication lines 102. In this 
manner, the fingerprint data associated with a particular 
authorized cellular telephone is stored in only one loca- 
tion. This permits the easy update of the fingerprint data 
since it is stored in only one location. 

In an alternative embodiment, the stored fingerprint 
data is transferred from the fingerprint storage area 24 
to the regional authentication processor in which the 
present call is originating for analysis by the regional 
authentication processor in the originating region. That 
is, if the call is originating in region 1, the region 1 
authentication processor 2a captures the transmission 
characteristics and other data from the unauthenticated 
cellular telephone. The region 1 authentication proces- 
sor 2a requests the transfer of the fingerprint data asso- 
ciated with the transmitted ESN/MIN. The 
communications processor 101 links the region 1 
authentication processor 2a via the communications 
lines 102, to the appropriate region whose fingerprint 
storage area 24 contains the necessary fingerprint 
data, for example in region 2. The fingerprint data is 
transferred from the region 2 fingerprint storage area 
24, via the communications processor 101 to the region 
1 authentication processor 2a. The region 1 analysis 
unit 20 performs the analysis in a known manner to 
determine whether the present call is a valid call from 
the authorized cellular telephone or an invalid call from 
a fraudulent cellular telephone. Thus, the fingerprint 
data may be transferred from the region in which the 
data is stored to the regional authentication processor in 
which the call is originating, or the captured transmis- 
sion characteristics and other data may be transferred 
from the region in which the call is originating to the 
region whose fingerprint storage area 24 contains the 
data associated with the authorized cellular telephone. 

For the sake of clarity, Figure 3A illustrates a single 
communications processor 101. However, in an exem- 
plary embodiment of the system 100, each regional 
authentication processor 2a contains its own communi- 
cations processor 101, as shown in Figure 3B. The 
communications processors 101 in each regional 
authentication processor 2a communicate with each 
other via the communication lines 102. The communica- 
tion lines 102 may be any suitable form of communica- 
tion line, such as a dial-up modem, a high speed 
communication line, such as an ISDN line, a wireless 
link, such as a microwave link, direct wire connection, 
network connection, or the like. The present invention is 
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not limited by the specific form of the communication 
lines 102. 

A distributed authentication system offers the twin 
advantages of a smaller storage requirement for the fin- 
gerprint storage area 24 as well as a lower requirement 
for computer power due to the lower call traffic volume 
within each region as compared with the high traffic vol- 
ume of a central authentication processing system. 
However, in one embodiment, the fingerprint storage 
area 24 of one region, for example in region 3, can be a 
central fingerprint storage area, which acts as a clear- 
inghouse for fingerprint data for ail regional authentica- 
tion processors. With a central fingerprint storage area, 
each regional authentication processor 2a captures 
transmission characteristics from unauthenticated cellu- 
lar telephones and, using the communications proces- 
sor 101, either transfers the captured transmission 
characteristics to the analysis unit 20 of the central 
authentication processor or requests the transfer of fin- 
gerprint data from the fingerprint storage area 24 of the 
central authentication processor for analysis by the 
regional authentication processor 2a in which the 
present call is originating, for example in region 1 . The 
advantage of a central clearinghouse using the finger- 
print storage area 24 is that fingerprint data is stored in 
a single location and may be readily updated. However, 
the disadvantage of this approach is that the central 
clearinghouse must have a large data storage capacity 
as well as a large amount of computing power to ana- 
lyze numerous authentication requests from all of the 
regional authentication processors 2a. 

There are known techniques by which to generate 
the fingerprint for storage within the fingerprint storage 
area 24. One example of the generation of a fingerprint 
is described in the above-referenced U.S. patent appli- 
cation entitled "Adaptive Waveform Matching for Use in 
Transmitter Identification." In normal operation, the 
regional authentication processor 2a for the region cor- 
responding to the MIN is used to generate the finger- 
print for storage in the fingerprint storage area 24. For 
example, if a particular cellular telephone has a MIN 
corresponding to region 2, the analysis unit 20 in region 
2 captures transmission characteristics and other data 
and, using known techniques, generates a fingerprint 
for storage within the fingerprint storage area 24 in 
region 2. If the cellular telephone is later used in region 
1 , the fingerprint data in the region 2 fingerprint storage 
area 24 is used in the manner described above to deter- 
mine whether the present call is from the authorized cel- 
lular telephone or a fraudulent cellular telephone. The 
transmission characteristics captured during the 
present call by the analysis unit 20 in region 1 can be 
used to update or supplement the fingerprint within the 
fingerprint storage area 24 in region 2. Techniques for 
analyzing additional capture transmission characteris- 
tics for possible inclusion in a fingerprint are also dis- 
cussed in the above-referenced pending patent 
application. 



In an alternative embodiment, the central finger- 
print storage area of one region, for example in region 3. 
can store fingerprint data for a cellular telephone whose 
MIN corresponds to a region (not shown) that does not 
5 have a fingerprint storage area 24. For example, a • 
region (not shown) that does not use the system 100 
may have no fingerprint storage area and thus would 
not typically have signature analysis capability. How- 
ever, the system 100 can capture transmission charac- 
10 teristics in any region containing the analysis unit 20 
and generate a fingerprint in a known manner. The gen- 
erated fingerprint may then be stored in the central fin- 
gerprint storage area. For example, if the cellular 
telephone whose MIN corresponds to a region (not 
yc shown) that has no fingerprint storage area 24 is used 
within region 1 , the region 1 analysis unit 20 can capture 
transmission characteristics from one or more calls from 
the unauthenticated cellular telephone. These captured 
transmission characteristics are used in a known fash- 
20 ion to generate a fingerprint for temporary storage in the 
region 1 fingerprint storage area 24. The fingerprint 
data may be subsequently transferred to the central fin- 
gerprint storage area of one region, for example in 
region 3. During subsequent use of the unauthenticated 
25 cellular telephone in any region, that region can use the 
fingerprint data in the central fingerprint storage area. 
For example, if the cellular telephone is subsequently 
used in region 2, the region 2 analysis unit 20 captures 
transmission characteristics from the subsequent call 
3Q and compares the captured transmission characteris- 
tics with the fingerprint stored in the central fingerprint 
storage area. Thus, the system 100 permits the genera- 
tion of fingerprint data in one region (e.g., region 1) for 
storage in a second region (e.g., region 3) for subse- 
3 . quent analysis by a third region (e.g., region 2). The 
region (not shown) associated with the MIN may later 
install the system 100. The analysis unit may be used to 
establish a new fingerprint or the fingerprint from the 
central fingerprint storage area may be transferred to 
40 the fingerprint storage area of the new region. The 
advantage of the distributed analysis is the ability to 
transfer data from one region to another for purposes of 
signature analysis. 

Figure 4 is afunctional block diagram that illustrates 
45 the operation of the system 1 00 in greater detail. For the 
sake of simplicity, Figure 4 illustrates a home region 103 
and a roaming region 104. It should be noted that the 
home region 103 is designated as a "home," but it may 
be any region that stores the fingerprint data associated 
so with a particular cellular telephone. It need not be the 
geographical region for the subscriber's cellular tele- 
phone. Thus, for purposes of the present discussion, 
"home region" simply refers to the region in which the 
reference data is stored for a particular cellular tele- 
55 phone. 

Within the home region 103 is a data collection unit 
108, a home region analysis unit 20 and a home region 
fingerprint storage area 24. It should be noted that 
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these components are portions of the conventional 
regional authentication processor 2a and are thus illus- 
trated in Figure 4 surrounded by a dashed line with the 
reference numeral 2a. The home region data collection 
unit 108 is coupled to a cell site controller 4 (see Figure 5 
2) and receives captured transmission characteristics 
and other data from the cell site controller for the home 
region. In addition to the captured transmission charac- 
teristics, the cell site controller 4 transmits the ESN/MIN 
of the unauthenticated cellular telephone and may also w 
transmit information such as the dialed digits (the desti- 
nation telephone number dialed by the unauthenticated 
cellular telephone), time of day, and other data related 
to the present call from the unauthenticated cellular tel- 
ephone. The data collection unit 108 is coupled to the 15 
home region analysis unit 20 and the home region fin- 
gerprint storage area 24. The home region analysis unit 
20 and home region fingerprint storage area 24 operate 
in a manner described above. It should be noted that 
the system 100 operates satisfactorily with any suitable 20 
signature analysis system. The present invention is not 
directed to signature analysis per se, but to a technique 
for transferring data used for signature analysis 
between various regions. 

A home region routing processor 110 is used to 25 
determine whether the unauthenticated cellular tele- 
phone is within its home region or if the unauthenticated 
cellular telephone is assigned to a different region. The 
home region routing processor 1 10 is used in conjunc- 
tion with a home region routing data storage area 1 1 4 to 30 
determine whether the unauthenticated cellular tele- 
phone has fingerprint data stored in the home region 
fingerprint storage area 24. As previously discussed, 
the system 100 uses the transmitted MIN of the unau- 
thenticated cellular telephone to determine whether the 35 
unauthenticated cellular telephone has data stored in 
the home region fingerprint storage area 24. As is well 
known in the art, the MIN includes the area code or 
NPA, a telephone exchange, designated by the teleph- 
ony industry as NXX and a subscriber number, desig- 40 
nated by the telephony industry as XXXX. A typical 
cellular telephone region will have one NPA and a range 
of NXX values that are part of that region. The home 
region routing processor 1 10 accesses the home region 
routing data storage area 1 1 4 to determine whether the 45 
transmitted MIN corresponds to the range of NPA and 
NXX values for the home region 103. 

The home region routing data storage area 114 
contains routing data, such as all NPAs and NXXs. The 
home region routing processor 110 can thereby readily so 
determine which region will have the fingerprint data for 
the authorized cellular telephone whose MIN has been 
transmitted by the unauthenticated cellular telephone. 
Alternatively, the transmitted ESN or other identification 
data may be used as an index to the home region rout- 55 
ing data storage area 114 to determine which region 
contains the fingerprint data corresponding to the 
authorized cellular telephone having the transmitted 



ESN/MIN. If the transmitted ESN/MIN corresponds to 
the home region 103, the home region fingerprint stor- 
age area 24 will contain data corresponding to the 
authorized cellular telephone whose MIN has been 
transmitted by the unauthenticated cellular telephone. 
The home region analysis unit 20 performs conventional 
signature analysis, or other data analysis, to determine 
whether the unauthenticated cellular telephone is the 
authorized cellular telephone or a fraudulent cellular tel- 
ephone. The home region routing data storage area 1 20 
may contain routing data for all regions within a country, 
such as the United States. Storing routing data for the 
entire country within the home region routing data stor- 
age area 120 has the advantage that a simple operation 
can be used to determine the region that contains the 
appropriate fingerprint data. However, the disadvantage 
of this approach is that changes in the NPA or NXX in 
one region require that the routing data storage area of 
each region be modified in order to properly route the 
data requests between regions. 

In a preferred embodiment, the home region routing 
data storage area 120 contains routing data only for the 
range of NPA and NXX values for the home region 103. 
If the unauthenticated cellular telephone transmits a 
MIN that does not fall within the range of the NPA and 
NXX values corresponding to the home region 103, a 
distributed routing system will determine the appropri- 
ate region whose fingerprint storage area contains the 
fingerprint data for the authorized cellular telephone 
corresponding to the transmitted MIN. The operation of 
this distributed routing system will be described in 
greater detail below. The system 100 also includes a 
home region communications processor 1 24 to commu- 
nicate with other regional authentication processors, as 
will also be described in detail beiow. 

The roaming region 104 includes identical compo- 
nents described above with respect to the home region 
103. For example, the roaming region 104 includes a 
roaming region data collection unit 108, which performs 
an identical function to that of the home region data col- 
lection unit 108. That is, the roaming region data collec- 
tion unit 108 is coupled to one or more roaming region 
cell site controllers and receives captured transmission 
characteristics and other data, such as ESN/MIN, from 
the cell site controllers within the roaming region 104. 
The roaming region data collection unit 108 is coupled 
to a roaming region authentication processor 20 and a 
roaming region fingerprint storage area 24. The roam- 
ing region authentication processor 20 and roaming 
region fingerprint storage area 24 operate in the man- 
ner described above. A roaming region routing proces- 
sor 118 and roaming region routing data storage area 
120 operate in the manner described above for the 
home region routing processor 110 and home region 
routing data storage area 1 14, respectively. That is, the 
roaming region routing processor 118 uses the cap- 
tured MIN or ESN and accesses the roaming region 
routing storage area 120 to determine whether the 
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roaming region fingerprint storage area 24 conta.ns fin- 
gerprint data for the authorized cellular telephone corre- 
spondinQ to the transmitted ESN/MIN of the 
unauthenticated cellular telephone. The roaming region 
104 also includes a roaming region commun.cat.ons 
orocessor 101 to control communications between the 
roaming region 104 and the home ^ion 103. The 
home region communications processor 101 and the 
roaming region communications processor 101 are cou- 
pled to each other by the communication line luz. 

If the unauthenticated cellular telephone is operat- 
ing within its home region, the fingerprint data is oca% 
available within the home region fingerprint storage 
area 24 The signature analysis is performed .n a well 
known fashion. However, if the unauthenticated cellular 
telephone is operating in the roaming region 104. a 
roaming region cell site controller will capture transmis- 
Sn characteristics and the ESN/MIN data from he 
unauthenticated cellular telephone. The roaming reg.on 
data collection unit 108 receives the captured transmis- 
sion characteristics and other data (e.g., the ESN/MIN) 
from the roaming region cell site controller. The roaming 
region routing processor 1 18 determines that the trans- 
mitted MIN corresponds to a different region. This .ndi- 
cates that the roaming region fingerprint storage area 
24 does not contain the necessary fingerprint data to 
authenticate the unauthenticated cellular telephone. 

The ESN/MIN transmitted by the unauthenticated 
cellular telephone is analyzed by the roaming region 
routing processor 118. The roaming region routing proc- 
essor 118, and roaming region routing data storage 
area 120 will determine that the unauthenticated cellu- 
lar telephone is assigned to the home reg.on 103. The 
roaming region communications processor 101 commu- 
nicates with the home region communications proces- 
sor 101 to transfer the captured transmiss.on 
characteristics and other data (e.g.. the ESN/MIN) from 
the unauthenticated cellular telephone to the home 
region 103 for analysis by the home region analysis unit 
20 The home region analysis unit 20 analyzes the cap- 
tured transmission characteristics and other data with 
respect to the fingerprint data stored in the home region 
fingerprint storage area 24 in a manner known in the art 
The decision engine 18 (see Figure 1) in the home 
region analysis unit 20 transmits the system output to 
the roaming region authentication processor 2a via he 
home region communications processor 10V and the 
roaming reg.on communications processor 101. In this 
embodiment, the captured transmission characteristics 
are transferred to the home region 103 for analysis and 
the result is returned to the roaming region 104. As pre- 
viously noted, in some embodiments, the decision 
engine 18 does not generate a system output if the 
preseni cellular telephone call is determined to be a 
valid call from the authorized cellular telephone. In that 
situation, the home region analysis unit 20 only returns 
data to the roaming region authentication processor 2a 
if the present call from the unauthenticated cellular tele- 



phone is determined to be an invalid call from a fraudu- 
lent cellular telephone. Otherwise the present call is 
allowed to be processed without interference. 

Alternatively, the roaming region communications 
s processor 101 requests the necessary fingerprint data 
from the home region fingerprint storage area 24 so that 
the roaming region analysis unit 20 may 
the unauthenticated cellular telephone. In th.s embodi- 
ment the home region fingerprint storage area 24 
10 transfers the fingerprint data to the roaming region 
authentication processor 2a via the home reg.on com- 
munications processor 101 and roaming region commu- 
nications processor 101. In this embodiment, the 
fingerprint analysis is performed by the roaming region 
,5 analysis unit 20 in the manner similar to that described 
sbovs 

The advantage of the system 100 is that fingerpr.nt 
data need be stored in only one location (i.e., the home 
region fingerprint storage area 24). This s a . distinct 
20 advantage over systems in which f .ngerpr.nt data must 
be distributed to every regional authentication proces- 
sor 2a because the stored fingerprint data for a cellular 
telephone may be readily updated if it is stored in only a 
single location. The captured transmission characteris- 
2 « tics and otha data are typically formed into a data file by 
the data collection unit (either the home region datacol- 
lection unit 108 or the roaming region data collection 
unit 108) for analysis by the home region analysis unit 
20 or the roaming region analysis unit 20. If the data f ile 
so associated with the captured transmission characteris- 
tics is approximately equal in size to the data file asso- 
ciated with the fingerprint for the author.zed cellular 
telephone the analysis can be performed by either the 
home region analysis unit 20 or the roaming reg.on 
35 analysis unit 20 without any decrease in performance of 
the system 100. That is. when the transmission of the 
fingerprint data for an unauthenticated cellar tele- 
phone from the home region fingerprint database 24 to 
the roaming region analysis unit 20 requires approxi- 
40 mately the same transmission bandwidth as does the 
transmission of the data file associated I with he cap- 
tured transmission characteristics and other data for the 
unauthenticated cellular telephone from the roaming 
region 104 to the home region analysis un.t 20. How- 
4 < ever, in most circumstances, the data file associated 
with the fingerprint data is significantly larger than the 
data file associated with the captured transmission 
characteristics and other data. As such, it is generaHy 
more efficient to transfer the captured transmission 
so characteristics and other data from the roaming region 
104 to the home region 103 for analysis by the home 
region analysis unit 20. However, with either embodi- 
ment, the system 100 still offers the advantage that the 
fingerprint data need only be stored in a single location^ 
« m yet another alternative embodiment, a copy of 
" fingerprint data may be transferred from the home 
region 1 03 to the roaming region 104 for temporary stor- 
age in the roaming region fingerprint storage area 134. 



9 



BNSDOCID <EP 0862344A2J_> 



EP 0 862 344 A2 



This is particularly useful when a cellular telephone is in 
a roaming mode for an extended period of time. For 
example, a user may place several calls while in the 
roaming region 104. It may be more efficient to transfer 
a copy of the fingerprint data from the home region fin- 5 
gerprint storage area 24 for a temporary storage in the 
roaming region fingerprint storage area 24. In this 
embodiment, the copy of fingerprint data, which is now 
locally stored, may be used to analyze additional subse- 
quent calls from the roaming cellular telephone. The 10 
transferred fingerprint data may be temporarily stored in 
the roaming region fingerprint storage area 24 for a pre- 
determined period of time. For example, the temporarily 
transferred fingerprint data could be stored until no 
additional calls have been received from that cellular tel- 75 
ephone for a predetermined period of time, such as a 
week. Thus, all unused fingerprint data files that have 
been transferred from other regions are considered 
"stale" and may be discarded. In addition, there are 
known techniques for updating fingerprint data. The 20 
system 1 00 can analyze data captured by the roaming 
region data collection unit 108 for possible inclusion 
within the fingerprint data. Typically, the data would not 
be used to update the temporarily transferred finger- 
print, but is transferred to the home region 103 for anal- 25 
ysis and possible inclusion as a portion of the fingerprint 
data in the home region fingerprint storage area 24. 

The various operations and data processing steps 
performed by the system 100 are illustrated in Figure 5. 
Figure 5 illustrates an example wherein region 1 and 30 
region 2 contain identical components. In the example 
illustrated in Figure 5, the unauthenticated cellular tele- 
phone is operating in region 1 . The captured transmis- 
sion characteristics and other data are referred to in 
Figure 5 as captured data or event data. The techniques 35 
used to capture data are well-known in the art. and 
need not be described herein. The captured data 
includes the ESN/MIN of the unauthenticated cellular 
telephone. The captured data is provided to a routing 
routine 130 to determine whether the MIN corresponds 40 
to an authorized cellular telephone in region 1 . 

If the captured data corresponds to a cellular tele- 
phone whose fingerprint data is stored in the region 1 
fingerprint storage area 24, the region 1 authentication 
processor 2a (see Figures 3A and 3B) will process the 45 
data in a conventional manner. As will be discussed in 
greater detail below, the routing routine 130 uses data 
from a region 1 routing data storage area 134 to deter- 
mine whether the ESN/MIN of the unauthenticated cel- 
lular telephone corresponds to region 1 160. For so 
example, the NPA (area code) can be used by the rout- 
ing routine 180 to readily determine whether the unau- 
thenticated cellular telephone is from region 1 . If the 
unauthenticated cellular telephone is not from region 1 , 
the system 100 will transfer the captured data to the 55 
region whose fingerprint data storage area 24 (see Fig- 
ures 3A and 3B) contains the correct fingerprint data, or 
transfer the fingerprint data to the region 1 authentica- 



tion processor 2a for analysis. 

In the example illustrated in Figure 5, it is assumed 
that the unauthenticated cellular telephone is from 
region 2, and has a fingerprint stored in the region 2 fin- 
gerprint storage area 24. In the first embodiment, the 
captured data is transferred from region 1 to region 2 for 
analysis within the region that stores the fingerprint data 
corresponding to the transmitted ESN/MIN. The region 

1 routing routine 130 transfers the captured data to an 
identical routine 130 in region 2. The region 2 routing 
routine 130 uses data from a region 2 routing data stor- 
age area 140. The region 2 routing routine 130 uses 
routing data in the region 2 routing data storage area 
1 40 to confirm that the captured data corresponds to a 
cellular telephone from region 2. The captured data is 
passed from the region 2 routing routine 130 to a finger- 
print server (FPSRV) routine 144. The region 2 FPSRV 
routine 144 passes the captured data to an analysis 
routine 146 in region 2 for analysis of the captured data 
with respect to the stored fingerprint data in the region 2 
fingerprint storage area 24. As previously discussed 
any suitable form of signature analysis may be used in 
the system 100. 

In addition to routing captured data from the region 

2 routing routine 130 to the region 2 analysis routine 
146, the region FPSRV routine 144 controls access to 
the region 2 fingerprint storage area 24. The region 2 
fingerprint storage area 24 may use any commercial 
database, such as the relational databases produced by 
Oracle Corporation, or other conventional relational 
database. Such commercial database storage systems 
are simple to implement and work satisfactorily for low 
call volumes. However, for greater call volume, the 
region 2 fingerprint storage area 24 is an index-based 
storage system. In an index-based storage system, the 
region 2 FPSRV routine 144 calculates an index value 
based on the ESN and/or MIN and uses the calculated 
index value as a pointer to a specific location within the 
region 2 fingerprint storage area 24. Such an index- 
based storage system decreases the access time to 
retrieve the fingerprint data from the region 2 fingerprint 
storage area 24 and allows the processing of a greater 
call volume than is possible with a relational database. 

As previously discussed, the region 2 analysis rou- 
tine 146 analyzes the captured data with respect to the 
stored fingerprint data and determines whether the 
present call is a valid call from the authorized cellular 
telephone or an invalid call from a fraudulent cellular tel- 
ephone. The results of the analysis are provided to the 
region 2 FPSRV routine 144 by the region 2 analysis 
routine 146. The region 2 FPSRV 144 provides a roam- 
ing call decision to an action routine 150 in the region 1 . 
The roaming call decision may include analysis data as 
well as a go/no-go binary-type response. If the present 
call is a local call, the FPSRV routine 182 provides a 
local call decision to an action routine 186. The local call 
decision includes a go/no-go binary-type response. 

The region 1 action routine 1 50 generates an inter- 
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diction signal or a confirmation signal as the system out- 
put 20 to the cell site controller 4 (see Figure ) in region 
? if the cell site controller requires a conf.rmat.on signal. 
As previously noted, some cell site controllers 4 require 
a message indicating whether or not the present call .s 
vaTd or invalid. Other types of cell site ' controllers 4 
require a message only in the event that the present C a 
is determined to be an invalid call from a ^"'^ 
lular telephone. The region 1 action rout.ne 150 may be 
designed to accommodate the specif ,c W ement * °< 
the cell site controller 4 with which the system 100 .s 
operating. 

The region 1 action routine 150 also forwards data 
to a logger routine 154 in region 1 The region 1 logger 
routine 154 records the results of the analys.s in an 
event storage area 156 in region 1. In ar . exemplary 
embodiment, the region 1 event storage area 156 uses 
a commercial relational database, such as produced by 
Sybase Incorporated. The region 1 logger routine 154 
can also record additional data, such as the captured 
data, including the ESN/MIN. The region 1 logger ^ rou- 
tine 1 54 can be configured to record events from al cel- 
lular telephone calls including valid and invalid cellular 
telephone calls. Alternatively, the region 1 logger rout.ne 
154 can be configured to record only event data associ- 
ated with invalid calls from fraudulent cellular tele- 
phones. The region 1 logger routine 154 is also coupled 
to a user interface (Ul) server 160 in region 1 The 
region 1 Ul server 160 simply allows user access to the 
data within the region 1 event storage area 1 56 and per- 
mits the cell site operator to determine the type and for- 
mat of data to be displayed using a user interface (not 

shown). . . , . ■ 

In an alternative embodiment, the fingerprint data is 
transferred from region 2 to region 1 for analysis within 
region 1. If the region 1 routing routine 130 has 
requested the transfer of fingerprint data to region 1 
from region 2, that data transfer request is processed by 
the region 2 FPSRV routine 144 to access the reg.on 2 
fingerprint storage area 24. The fingerprint data is 
transferred from the region 2 to a FPSRV rout.ne 144 in 
region 1 for analysis by an analysis routine 146 in the 
region 1. The region 1 FPSRV 144 and region 1 analy- 
sis routine 146 operate in an identical manner to the 
region 2 FPSRV 144 and region 2 analys.s routine 14b. 
In this embodiment, the region 1 analysis routine 146 
analyzes the captured data with respect to the finger- 
print data received from the region 2 fingerprint storage 
area 24 Once the fingerprint data has been transferred 
to the region 1 FPSRV routine 144, the steps performed 
by the region 1 analysis routine 146, region 1 act.on rou- 
tine 1 50, and region 1 logger routine 1 54 are identical to 
those previously described. For the sake of brevity, that 
description will not be repeated. 

The region 2 also includes a logger routine 154 ana 
event storage area 156, as well as a user interface 
server 160. These components operate in an identical 
manner to the corresponding components in region 



and need not be described again. The region 2 logger 
routine 154 is coupled to and receives date from a 
region 2 action routine 150 in region 2. In add.t.oa the 
region 2 logger routine 1 54 is coupled to and exchanges 
5 Sa with the region 1 logger routine 156. This dossi 
one region to access the event storage area 1 92 of a dif- 
ferent region and thereby generate reports as needed. 

In the embodiments discussed above, the region 1 
routing routine 130 accesses the region 1 rout.ng data 
to storage area 134 to determine which region contains 
the fingerprint data associated with the authorized cellu- 
lar telephone. In a conventional cellular telephone sys- 
tem routing data tables in each region contain data for 
the NPAs of all telephone systems throughout the coun- 
,c try However, a serious disadvantage of this system is 
that the size and complexity of routing data tables of this 
type increases cost. In addition, updating rout.ng data 
tables of this type is a monumental task. ^ . 
one region of the country adds a new NPA (area code) 
20 or a new NXX, the routing data tables of every reg.on in 
the entire country must be updated to include the new 
NPA or NXX. For example, a new NXX wrth.n the 206 
area code in the western Washington area must be 
added to each and every routing data table throughout 
25 the country. If a service provider in New Jersey, for 
example, fails to update its routing data tables m a 
M fashion, a user in New Jersey will be unable to 
place calls to the new NXX in the 206 area code 
because the local system will not recognize such an 
so NXX. This has proven to be a real problem. To over- 
come this problem, the system 100 uses a un,que tech- 
nique for updating the telephone routing informs ton 

Figure 6 is a functional block diagram illustrating the 
operation of the system 100 when updating rout.ng 
36 processor data storage areas. As illustrated in Figure 6 
°he routing processor storage areas are ; togicaHy 
arranged in a hierarchical fashion. At the lowest level of 
the hierarchy are the regional routing processors such 
as the home region routing processor 110 (see Figure 
40 4) and the roaming region routing processor 1 1 8. At he 
next highest level in the logical hierarchy are routing 
processors that control routing between two or more 
Lional processors. This logical hierarchy continues 
wi?h each successively higher level filing routing 
45 between more and more regions. At the top of the hier- 
archy is a single routing processor that contains routing 
data for the entire country, for example. 

Figure 6 illustrates a region 1 routing processor 200 
coupled to a region 1 routing data storage area 202. A 
so region 2 routing processor 204 is coupled to a region 2 
routing data storage area 206. Similarly, region 3 and 
region 4 routing processors 210 and 214 « . coup.ed^o 
respective routing data storage areas 212 and 216. The 
region 1 routing data storage area 202 contains infor- 
5 * mation used to identify all cellular telephones whose 
MINs, or other identification data, subscribe to service 
provider in region 1 . The region 1 routing processor 200 
implements the region 1 routing routine 150 (see Figure 
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5) to determine whether the transmitted identification 
data {e.g., the ESN/MIN) of the unauthenticated cellular 
telephone matches the data entries in the region 1 rout- 
ing data storage area 202. As previously discussed, the 
NPA and NXX portions of the MIN transmitted from the 5 
unauthenticated cellular telephone can be compared 
with the data in the region 1 routing data storage area. 
If the transmitted NPA and/or NXX are not within the 
range of data values stored in the region 1 routing data 
storage area 202, the region 1 routing processor 200 w 
cannot determine the region in which the fingerprint 
data is stored. Therefore, the region 1 routing processor 
200 relays the identification data {e.g., the ESN/MIN) to 
the next highest level in the hierarchical routing system. 
In one embodiment, the routing processor 200 relays all 75 
captured data, including captured transmission charac- 
teristics, to the next highest level in the hierarchical rout- 
ing system. Alternatively, only identification data is 
relayed by the hierarchy of routing processors. 

In the example illustrated in Figure 6, a region 1,2 20 
routing processor 220 is coupled to a region 1 ,2 routing 
data storage area 222. The region 1 ,2 routing data stor- 
age area 222 contains routing data (e.g., the NPA and 
NXX) for all authorized cellular telephones for both 
region 1 and region 2. Thus, if the unauthenticated eel- 25 
lular telephone, which is operating in region 1 , has fin- 
gerprint data stored in region 2, the region 1 ,2 routing 
processor 220 can identify region 2 as the home region 
for the unauthenticated cellular telephone. At the lowest 
level of the hierarchy, the routing data storage areas 30 
contain routing data only for its own region. The routing 
processor at the next level of the hierarchy {e.g., the 
region 1 ,2 routing processor 220) can control routing for 
all regions coupled to it at a lower level in the hierarchy. 
Thus, the region 1 routing data storage area 202 con- 35 
tains only information for region 1, while the region 2 
routing data storage area 206 contains routing data only 
for region 2. The routing data storage area at the next 
highest level of the hierarchy contains routing data for a 
number of regional processors. As illustrated in Figure 40 
6, the region 1 ,2 routing data storage area 222 contains 
routing data for both region 1 and region 2. Similarly, a 
region 3,4 routing processor 226 is coupled to a region 
3,4 routing data storage area 228. The region 3,4 rout- 
ing data storage area 228 contains routing data for both 45 
region 3 and region 4. 

The hierarchical routing system illustrated in Figure 
6 requires routing processors to go to successively 
higher levels in the hierarchy until the home region for 
an unauthenticated cellular telephone has been identi- 50 
tied. For example, a call to a cell site controller within the 
home region for the authorized cellular telephone is 
processed within that particular region. If a call to a cell 
site controller in region 1 has fingerprint data contained 
in region 2, the region 1 ,2 routing processor, using data 55 
in the region 1 ,2 routing data storage area 222, will con- 
trol communications between regions 1 and 2, respec- 
tively. The hierarchy illustrated in Figure 6 may be 



organized in any convenient fashion. For example, 
region 1 may cover the western Washington area, while 
region 2 covers eastern Washington. The region 1 rout- 
ing data storage area 202 contains routing data only for 
western Washington. Similarly, the region 2 routing data 
storage area 206 only contains routing data for eastern 
Washington. However, the region 1,2 routing data stor- 
age area 222 contains routing data for both eastern and 
western Washington. 

If a cellular telephone call originates in region 1 by 
a cellular telephone with its fingerprint data stored in 
region 3, neither the region 1 routing processor 200 nor 
the region 1 ,2 routing processor 220 will be able to iden- 
tify the correct home region for the unauthenticated cel- 
lular telephone. The region 1 routing processor 200 will 
relay the identification data to the region 1,2 routing 
processor 220. Because the region 1,2 routing proces- 
sor 220 cannot identify the home region for the unau- 
thenticated cellular telephone, the region 1,2 routing 
processor relays the identification data to the next high- 
est level in the hierarchy, i.e., a region 1,2,3,4 routing 
processor 232, which is coupled to a region 1 ,2,3,4 rout- 
ing processor 234. The region 1,2,3,4 routing processor 
234 can identify authorized cellular telephones from 
regions 1 to 4. In the present example, the region 
1 ,2,3,4 routing data storage area 234 contains data that 
identifies region 3 as the home region for the unauthen- 
ticated cellular telephone. Extending the example previ- 
ously discussed wherein region 1 includes western 
Washington and region 2 includes eastern Washington, 
region 3 may cover the western Oregon area, while the 
region 4 covers eastern Oregon. The region 3 routing 
data storage area 212 contains information for cellular 
telephones from western Oregon, while the region 4 
routing data storage area 216 contains data for eastern 
Oregon. The region 3,4 routing data storage area 228 
contains routing data for both western Oregon and east- 
ern Oregon. The region 1,2,3,4 routing data storage 
area 234 contains routing data for all of Washington and 
Oregon. The next highest level in the hierarchy (not 
shown) may contain routing data for the northwest 
United States, including Washington, Oregon, Idaho, 
and Montana. Thus, it can be seen that geographical 
regions or markets can be organized into a hierarchy 
such that the lowest levels of the hierarchy contain only 
local routing information and successively higher levels 
of the hierarchy contain additional routing information. 

As previously discussed, the system 100 can trans- 
fer captured transmission characteristics and other data 
from the roaming region to the home region for analysis, 
or request fingerprint data from the home region for 
analysis by the region in which the present call is origi- 
nating. Once the home region has been identified, com- 
munication between the region in which the 
unauthenticated cellular telephone is located and the 
home region may be established directly. This is partic- 
ularly useful when the fingerprint data is to be trans- 
ferred from the home region to the roaming region for 
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analysis within the roaming region because the finger- 
p in data may be transferred directly from the home 
Beaton fingerprint storage area 24 (see F.gure 4) to the 
Sg region without the necessity of 
print data through the various routing processors. For 
Ke embodiment where captured transm.ss.or . charac- 
teristics and other data are transferred to the home 
egSn the captured data may be transferred dnrty 
from the roaming region to the home region. Alterna- 
S the captured data may be passed from the roam- 
ng region to the next hierarchical level along wrth the 
identtTcation data if it cannot be process* wrth.n the 
roaming region. In the example d.scussed above, the 
ZZ ? routing processor 200 recognizes that rt cannot 
process the captured data from the unauthert.cated cel- 
lular telephone (because the fingerprint data .s not 
scored inregion 1 , but rather in region 3). Therefore, the 
rSS 1 routing processor 200 passes the captured 
date to the region 1,2 routing processor 220. Because 
L identification data (e.g., the M.N) is not coined 
within the region 1 ,2 routing data storage area 222^ he 
region 1,2 routing processor 220 passes the captured 
data to the next highest level in the h.erarchy. In the 
present example, the region 1,2 routing processor^ 220 
passes the captured data onto the region 1 ,2,3,4 routing 
processor 232. The region 1,2,3,4 routing processor 
232 uses data within the region 1,2,3,4 routing data 
storage area 234 to identify region 3 as the home region 
for the unauthenticated cellular telephone. The region 
1 2 3.4 routing processor 232 passes the captured data 
down to the region 3 routing processor 210 > via i the 
region 3,4 routing processor 226. This permits the anal- 
yst of captured data within the region that stores the 
fingerprint corresponding to the authorized cellular tele- 
phone As previously discussed, the authentication 
processor (not shown) within region 3 performs a con- 
ventional signature analysis and passes the result back 
to the region 1 authentication processor (not shown) 
using the various routing processors. 

It should be noted that, in an exemplary embod.- 
ment signature analysis is only performed at the lowest 
level' of the hierarchy by analysis units wrth.n the 
regional authentication processors. For example, the 
region 1,2 routing processor 220 only prov.des rout.ng 
information and does not perform signature ana ya* 
Alternatively, the region 1.2,3,4 routing processor 232 
may be part of its own authenticate system. In such 
circumstances, the region 1 ,2,3,4 routmg processor 232 
may retain the captured data transferred from the region 
1 2 routing processor 220 and transmit a request for 
transfer of the fingerprint data from region 3. A finger- 
print data transfer request is relayed to the region 3 rout- 
ing processor 210 via the region 3,4 routing processor 
226 and the fingerprint data is transferred to an analys.s 
unit (not shown) for the region 1 ,2,3,4. 

in yet another alternative, a fingerprint data storage 
area 24 may be associated with region 1,2,3,4. In this 
embodiment, the region 1 ,2.3,4 fingerprint data storage 



area 24 serves as a central fingerprint storage area, as 
described above. The central fingerprint storage area 
24^n hfregion 1 ,2.3.4 may be used for storage of fin- 
gerprint data for cellular telephones whose MM corre- 
sponds to a region that does not have the system 100. 
SthTs embodiment, the other regional routing ^proces- 
L. such as the region 1 routing processor 200^ be 
unable to identify a region corresponding to the trans 
rnitted MIN At each successive level of the h.erarchy. 
Siting processor, such as the region 12 routing 
D rocessor 220. will be unable to identify the reg.on 
SocSted with the MIN until the level of the region 
TS f where the fingerprint data in the centra^ finger- 
print storage area in the region 1 A W » £ 
analysis unit (not shown) in region 1 ,2,3.4. The central 
"ngerprint storage area effectively functions as a home 
region for cellular telephones that might otherw.se be 
hTeless. Thus, it is apparent to those of ordmao rsk. 
in the art that a distributed authentication system offers 
a variety of possible occasions for data storage and 
data analysis. This is particularly advantageous jn a 
dynamic system, such as the cellular telephone indus- 
try where large numbers of new users cause i serv.ce 
providers to continually adjust their NPA and NXX val- 

Another distinct advantage of the hierarchical rout- 
ing system illustrated in Figure 6 is the ability to update 
data in the routing data storage areas^ As d.scussed 
above conventional systems require that each of the 
roXg data storage areas contain data for all areas of 
the country. This is impractical in a dynamic srtua .on, 
such as the cellular telephone industry, where continu- 
ous cnanges in the NPA and NXX values would requ.re 
massive changes in all routing 
the country. Instead, the system 100 of the present 
nventon provides a unique technique for automatically 
Sing routing information. Using the system .us- 
trated in Figure 6, the region 3 rout.ng processor for 
example does not need to know region 1 routing mfor- 
S Thus, the routing data in the region 3 routmg 
data storage area 212 pertains only to region 3_ S.m. 
larly, the region 4 routing data storage area 216 need 
only contain data pertaining to region 4 q However ;tm 
region 3.4 routing data storage area 228 must conta.n 
data for both region 3 and region 4 

Routing data within the regional routing data stor- 
age areas may be readily changed us ing corwertiona 
techniques. For example, the region 3 rout.ng data stor 
age area 212 could be altered by the service provider to 
fndude a new NXX. The service provider mere* 
accesses the data using a computer term.nal (not 
Swn, and alters the data within the region 3 routing 
aate storage area 212. With the system of the present 
tventn, a change in the region 3 routing data storage 
area 212 will have no effect on the data in the reg.on 4 
routing date storage area 216. However, the alteration 
of the data within the region 3 routing data storage area 
212 is detected and those changes are passed up the 
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hierarchical system so that each routing data storage 
area at a higher level within the chain is automatically 
updated. Many different well-known techniques, such 
as check sums, cyclic redundancy checks, or the like, 
can be used to detect changes to the routing data stor- 5 
age area. In an exemplary embodiment, the routing 
data storage area contains a date indicating the last 
alteration of data within the routing data storage area. 
For example, assume that the region 3 routing data stor- 
age area 212 has been revised to include a new NXX. w 
The new NXX is added to the region 3 routing data stor- 
age area 212, causing a change in the last update date. 
The region 3 routing processor 210 detects the change 
in the last update data and relays the altered routing 
data from the region 3 routing data storage area 21 2 up 75 
to the region 3,4 routing processor 226. The region 3,4 
routing processor 226 updates the region 3,4 routing 
data storage area 228 and changes the last update date 
for the region 3,4 routing data storage area. The altera- 
tion of the region 3,4 routing data storage area 228 is 20 
detected by the region 3,4 routing processor 226, which 
relays the altered routing data from the altered routing 
data storage area to the next higher hierarchical level. In 
the example above, the region 3,4 routing processor 
226 relays the altered routing data from the region 3,4 25 
routing data storage area 228 up to the region 1,2,3,4 
routing processor 232, which in turn updates the region 
1 ,2,3,4 routing data storage area 234. Thus, changes in 
lower levels of the hierarchy are automatically relayed to 
upper levels of the hierarchical routing system. The 30 
advantage of this technique is that routing data is auto- 
matically updated at each successively higher level. 
This eliminates the reliance on operators to promptly 
alter all routing data tables. 

Even if each routing data table contains data for all 35 
areas, the same technique can be used to relay routing 
data back down the hierarchical chain. This technique is 
effective not only with the wireless communications val- 
idation exemplified by the system 100, but is also useful 
to update the routing data tables of any telephone call- 40 
ing system. For example, the current telephone routing 
data tables could be updated in a similar manner. Thus, 
the addition of a new NPA or NXX in one region of the 
country will automatically ripple through other regions of 
the country until all routing data tables have been 45 
updated appropriately. While the example of Figure 6 is 
limited to three levels of hierarchy, the principles may be 
readily extended to any number of regions, collections 
of regions, and the like. In addition, many different vari- 
ations are possible. For example, the region 1 ,2 routing 50 
processor 220 is used to control routing for regions 1 
and 2. However, the region 3,4 routing processor can 
control more than two regions. Furthermore, the princi- 
ples of the present invention are readily extendible to 
more than the three levels of hierarchy illustrated in Fig- 55 
ure 6. 

It is to be understood that even though various 
embodiments and advantages of the present invention 



have been set forth in the foregoing description, the 
above disclosure is illustrative only, and changes may 
be made in detail, yet remain within the broad principles 
of the invention. Therefore, the present invention is to be 
limited only by the appended claims. 

Claims 

1 . A distributed system for the validation of a wireless 
communication using a customer wireless tele- 
phone in a wireless telephone system, the system 
comprising: 

a plurality of authentication processors, each 
serving a separate service area with a particu- 
lar one of said plurality of authentication proc- 
essors having a data collection element to 
acquire authentication data from an unauthen- 
ticated wireless telephone, said particular proc- 
essor acquiring authentication data from an 
unauthenticated wireless telephone during a 
present communication with the unauthenti- 
cated wireless telephone; 
a storage area containing reference data asso- 
ciated with the customer wireless telephone; 
an analysis unit to analyze said acquired 
authentication data with respect to said stored 
reference data associated with the customer 
wireless telephone to determine if the unau- 
thenticated wireless telephone is the customer 
wireless telephone or a fraudulent wireless tel- 
ephone, said analysis unit generating an indi- 
cator indicating that said analysis unit has 
determined the unauthenticated wireless tele- 
phone to be one of the customer wireless tele- 
phone and a fraudulent wireless telephone; 
and 

a communication processor to control commu- 
nication between said particular processor, 
said storage area and said analysis unit, 

2. The system of claim 1 wherein said particular proc- 
essor is a first of said plurality of authentication 
processor that serves a first service area and 
includes said data collection element to acquire 
authentication data from an unauthenticated wire- 
less telephone during a present communication 
with said unauthenticated wireless telephone, and 
a second of said plurality of authentication proces- 
sor that serves a second service area different from 
said first service area and includes a storage area 
containing reference data associated with the cus- 
tomer wireless telephone. 

3. The system of 1 wherein said analysis unit is a por- 
tion of said particular processor and said storage 
area is a portion of a second of said plurality of 
authentication processors, said communication 
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processor routing said stored reference data from 
said second of said plurality of authentication proc- 
essors to said analysis unit of said particular proc- 
essor to permit said analysis of said acquired 
authentication data with respect to said stored ref- 
erence data in said particular processor. 

The system of claim 3 wherein said communication 
processor routes said stored reference data from 
said second of said plurality of authentication proc- 10 
essors to said analysis unit of said particular proc- 
essor during said present communication and said 
analysis unit performs said analyse of said 
acquired authentication data with respect to said 
stored reference data during said present commu- i- 
nication. 

, The system of 1 wherein said analysis unit and said 
storage area are portions of a second of said plural- 

ity of authentication processors, said communica- 
tion processor routing said acquired authentication 
data from said particular processor to said analysis 
unit of said second of said plurality of authentication 
processors to permit said analysis of said acquired 
authentication data with respect to said stored ref- a. 
erence data in said second of said plurality of 
authentication processors. 



40 



6 The system of claim 5 wherein said communication 
' processor routes said acquired authentication data so 
from said particular authentication processor to 
said analysis unit of said second of said plurality of 
authentication processors during said present com- 
munication and said analysis unit performs said 
analysis of said acquired authentication data with 3~ 
respect to said stored reference data during said 
present communication. 

7 The system of 1 wherein said communication proc- 
essor routes said stored reference data from said 
storage area to said analysis unit during said 
present communication and said analysis unit per- 
forms said analysis of said acquired authentication 
data with respect to said stored reference data dur- 
ing said present communication. 

8 The system of claim 2 wherein said second service 
area is designated as a home service area of a 
wireless service provider for the customer wireless 
telephone, the system further including a third so 
authentication processor serving both of said first 
and second service areas, said analysis unit being 
associated with said third authentication processor, 
said communication processor also controlling 
communication with said third authentication proc- 55 
essor wherein said communication processor 
routes said acquired authentication data from said 
first authentication processor to said third authenti- 



cation processor and routes said stored reference 
data from said storage area in said second authen- 
tication processor to said third authentication proc- 
essor. 

9 The system of claim 8 wherein said communication 
processor routes said acquired authentication data 
from said first authentication processor to said anal- 
ysis unit associated with said third authentication 
processor during said present communication and 
said analysis unit performs said analysis of said 
acquired authentication data with respect to said 
stored reference data during said present commu- 
nication. 

10 The system of any of the preceding claims 1 and 2 
" wherein said particular processor generates an 

interdiction signal to indicate that said present com- 
munication is invalid if said response indicator indi- 
cates that the unauthenticated wireless telephone 
has been determined to be a fraudulent wireless 
telephone. 

1 1 The system of any of the preceding claims 1 and 2 
wherein said particular processor generates an 
authorization signal to indicate that said,;present 
communication is valid if said response indicator 
indicates that the unauthenticated wireless tele- 
phone has been determined to be the customer 
wireless telephone. 

12 The system of any of the preceding claims 1 and 2 
' wherein said communication processor routes said 
stored reference data from said storage area to 
said analysis unit at a time prior to said present 
communication and said analysis unit performs 
said analysis of said acquired authentication data 
with respect to said stored reference data during 
said present communication. 



13 The system of any of the preceding claims 1 and 2 
wherein said analysis unit further analyzes said 
acquired authentication data for inclusion as a por- 
tion of said stored reference data. 

14 The system of claim 1 3 wherein said data collection 
' element acquires subsequent authentication data 

from said unauthenticated wireless telephone dur- 
inq a subsequent communication with said unau- 
thenticated wireless telephone subsequent to said 
present communication and said analysis unit ana- 
lyzes said subsequently acquired authentication 
data with respect to said stored data, including said 
portion of said stored reference data if said analysis 
unit included said acquired authentication data as 
said portion of said stored reference data. 

1 5. The system of any of the preceding claims 1 and 2 
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for use with a wireless telephone transmitting iden- 
tification data identifying the unauthenticated wire- 
less telephone as said customer wireless telephone 
wherein said storage area is associated with one of 
said plurality of authentication processors, the sys- 5 
tern further including a routing data storage area to 
store routing data in association with the identifica- 
tion data of the wireless telephone identifying said 
storage area as being associated with a specific 
one of said plurality of authentication processors, w 
and a routing processor to access said routing stor- 
age area for said routing data associated with the 
identification data of the wireless communication 
device, said routing processor using said routing 
data to determine with which one of said plurality of 15 
authentication processors is associated with said 
storage area to obtain from said storage area said 
stored reference data associated with the customer 
wireless telephone for use by said analysis unit. 

20 

16. The system of any of the preceding claims 1 and 2 
for use with a wireless telephone transmitting iden- 
tification data wherein said storage area is associ- 
ated with one of said plurality of authentication 
processors, the system further including a routing 25 
processor associated with each of said plurality of 
authentication processors to determine with which 

of said plurality of authentication processors said 
storage area is associated, and a corresponding 
routing data storage area associated with each of 30 
said routing processors to store routing data in 
association with the identification data of the wire- 
less communication device identifying said storage 
area as being associated with a specific one of said 
plurality of authentication processors, said routing 35 
processor accessing said corresponding routing 
storage area for said routing data associated with 
the identification data of the wireless communica- 
tion device. 

40 

17. The system of claim 16, further including means 
within a first one of said routing processors for alter- 
ing said routing data in said corresponding routing 
data storage area. 

45 

18. The system of claim 17 wherein said first routing 
processor generates an alteration indicator to indi- 
cate alteration of said routing data in said corre- 
sponding routing data storage area, the system 
further including alteration detection means within a so 
second one of said routing processors to detect 
said alteration indicator, said second routing proc- 
essor, in response to detection of said alteration 
indicator, altering said routing data in said corre- 
sponding routing data storage area to match said 55 
altered routing data in said routing data storage 
area corresponding to said first routing processor. 



19. The system of any of the preceding claims 1 and 2 
wherein said communication processor comprises 
a high-speed data link. 

20. The system of any of the preceding claims 1 and 2 
wherein said communication processor comprises 
a dial-up data link. 

21. A method for the validation of a wireless communi- 
cation using a customer wireless telephone in a 
wireless telephone system, the method comprising 
the steps of: 

acquiring authentication data from an unau- 
thenticated wireless telephone during a 
present communication with said unauthenti- 
cated wireless telephone in a first service area; 
storing reference data associated with the cus- 
tomer wireless telephone in a second service 
area different from said first service area; 
analyzing said acquired authentication data 
with respect to said stored reference data 
associated with the customer wireless tele- 
phone to determine if said unauthenticated 
wireless telephone is the customer telephone 
or a fraudulent wireless telephone; 
controlling access to said stored reference data 
and transferring said stored reference data for 
said step of analyzing; and 
generating a response indicator indicating that 
said unauthenticated wireless telephone has 
been determined to be one of the customer 
wireless telephone and a fraudulent wireless 
telephone. 

22. The method of claim 21, further including the step 
of generating an interdiction signal to indicate that 
said present communication is invalid if said 
response indicator indicates that the unauthenti- 
cated wireless telephone has been determined to 
be a fraudulent wireless telephone. 

23. The method of claim 21, further including the step 
of generating an authorization signal to indicate that 
said present communication is valid if said 
response indicator indicates that the unauthenti- 
cated wireless telephone has been determined to 
be the customer wireless telephone. 

24. The method of claim 21 wherein said step of ana- 
lyzing is performed in said first service area, said 
step of controlling and transferring routing said 
stored reference data from said second service 
area to said first service area to permit said step of 
analyzing to be performed in said first service area. 

25. The method of claim 24 wherein said step of con- 
trolling and transferring routes said stored refer- 
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ence data from said second service area to said 
first service area during said present communica- 
tion and said step of analyzing is performed during 
said present communication. 

5 

26. The method of claim 21 wherein said step of ana- 
lyzing is performed in said second service area, 
said step of accessing and transferring routing said 
acquired authentication data from said first service 
area to said second service area to permit said step io 
of analyzing to be performed in said second service 
area. 

27. The method of claim 26 wherein said step of con- 
trolling and transferring routes said acquired is 
authentication data from said first service area to 
said second service area during said present com- 
munication and said step of analyzing is performed 
during said present communication. 

20 

28. The method of claim 21 wherein said step of ana- 
lyzing further analyzes said acquired authentication 
data for inclusion as a portion of said stored refer- 
ence data. 

21 

29. The method of claim 21 for use with a wireless tele- 
phone transmitting identification data identifying the 
unauthenticated wireless telephone as said cus- 
tomer wireless telephone wherein step of storing is 
performed in one of said first and second service 3 
areas, the method further including the steps of 
storing routing data in association with the identifi- 
cation data of the wireless telephone identifying 
said storage area as being associated with a spe- 
cific one of said first and second service areas, z 
accessing said routing data for said routing data 
associated with the identification data of the wire- 
less communication device and determining in 
which one of said first and second service areas 
step of storing is being performed to obtain said 
stored reference data associated with the customer 
wireless telephone for use by said step of analyz- 
ing. 
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device 



(57) The present invention is directed to a distrib- 
uted system for the authentication of a wireless commu- 
nication device by creating a hierarchical system using 
different regions and groups of regions. If a wireless 
communication occurs within one region, a routine data 
storage area determines whether reference data is 
locally available to compare with data captured from the 
unauthenticated wireless communication device. If the 
reference data is not available, a routing processor 
passes at least a portion of the data to a higher level in 
a hierarchical system until the location of the reference 
data can be determined. The captured data and/or the 
reference data are passed to a common location for 
analysis in a conventional manner. In one embodiment, 
the common location is the region in which the refer- 
ence data is stored. The captured data is transmitted to 
the location where the reference data is stored to permit 
signature analysis at that location. The results of the 
analysis are passed back to the region in which the 
unauthenticated wireless communication device is 
presently located. Alternatively, the region in which the 
data is stored may transmit the reference data to the 
location where the captured data has been acquired. If 
the wireless communication device has been identified 
as an authorized communication device, the communi- 



cation can be processed. If the wireless communication 
device has been identified as a fraudulent device, the 
communication may be interrupted or redirected to a 
fraud intercept location. The technique also provides for 
the automatic update of routing data storage areas so 
that a change in one routing data storage area will be 
automatically passed through the remaining necessary 
portions of the system. 
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